The WiFi Pineapple is made by Hak5. It is quite an expensive device. It is also known as Jasager, which is German for "Yes Man".

The WiFi Pineapple is a WiFi access point (AP) that answers "Yes" to every WiFi connection request.

If a WiFi client is looking for the SSID McDonald's, the Pineapple (or Jasager) will reply "That's Me!". If another WiFi client is looking for the SSID Starbucks, the Pineapple will again reply "That's Me!".

From this stage you can attack WiFi clients and perform Man-in-the-Middle (MitM) attacks on the victims' internet traffic.
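
How the "answer yes to everything" behaviour looks from a monitoring sensor, as an added example that is not part of the original post: the Python code below flags any BSSID whose probe responses echo several different SSIDs that clients asked for. The CSV layout, MAC addresses, SSIDs and the `max_ssids` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample capture summary (not from the original post):
# time,frame_type,source_mac,destination_mac,ssid
SAMPLE = """\
0.10,probe-req,aa:aa:aa:00:00:01,ff:ff:ff:ff:ff:ff,CoffeeShop
0.11,probe-resp,02:00:00:00:00:99,aa:aa:aa:00:00:01,CoffeeShop
0.40,probe-req,aa:aa:aa:00:00:02,ff:ff:ff:ff:ff:ff,HomeNet
0.41,probe-resp,02:00:00:00:00:99,aa:aa:aa:00:00:02,HomeNet
0.90,probe-req,aa:aa:aa:00:00:03,ff:ff:ff:ff:ff:ff,OfficeWLAN
0.91,probe-resp,02:00:00:00:00:99,aa:aa:aa:00:00:03,OfficeWLAN
0.92,probe-resp,02:00:00:00:00:10,aa:aa:aa:00:00:03,OfficeWLAN
1.20,probe-req,aa:aa:aa:00:00:01,ff:ff:ff:ff:ff:ff,OfficeWLAN
1.21,probe-resp,02:00:00:00:00:10,aa:aa:aa:00:00:01,OfficeWLAN
"""

def parse(text):
    """Yield (frame_type, src, dst, ssid) from the CSV lines; skip malformed rows."""
    for line in text.splitlines():
        parts = line.strip().split(",", 4)  # maxsplit keeps commas inside the SSID
        if len(parts) == 5 and parts[1] in ("probe-req", "probe-resp"):
            yield parts[1], parts[2].lower(), parts[3].lower(), parts[4]

def find_yes_man_aps(text, max_ssids=2):
    """Return {bssid: sorted SSIDs} for APs that answered more than max_ssids
    different SSIDs, counting only responses that echo an SSID the addressed
    client had probed for earlier in the capture."""
    asked = defaultdict(set)     # client MAC -> SSIDs it probed for
    answered = defaultdict(set)  # AP BSSID   -> SSIDs it claimed to be
    for ftype, src, dst, ssid in parse(text):
        if ftype == "probe-req":
            if ssid:                      # ignore wildcard (empty SSID) probes
                asked[src].add(ssid)
        elif ssid in asked[dst]:          # response mirrors that client's request
            answered[src].add(ssid)
    return {ap: sorted(s) for ap, s in answered.items() if len(s) > max_ssids}

if __name__ == "__main__":
    for bssid, ssids in find_yes_man_aps(SAMPLE).items():
        print(f"possible Jasager/Karma-style AP {bssid}: answers as {ssids}")
```

A normal AP, such as 02:00:00:00:00:10 in the sample, only ever answers for its own SSID and stays below the threshold.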

Now, we are going to build a custom WiFi Pineapple at a much lower price, about USD 30 or less.

Step 1 :

Download OpenWrt (Attitude Adjustment 12.09, r36088 at the time of writing) :

If you are doing a fresh install from the stock version of the TP-Link TL-MR3020 :

wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin

If you are upgrading from a previously installed OpenWrt :

wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

Configure your computer with a static IP address :

IP address : 192.168.0.10
Gateway : 192.168.0.1

The default IP address of the stock TP-Link TL-MR3020 is 192.168.0.254.

The username and password of the stock TP-Link TL-MR3020 are both "admin".

Go to "System Tools" -- "Firmware Upgrade" and upgrade using the .bin file you just downloaded.

Step 2 :

Once upgraded to OpenWrt, your device's IP address will change to 192.168.1.1.

Then set a very STRONG root password at "System" -- "Administration".

A simpler way is to insert the USB pendrive into your computer and copy the said files to it from /home/samiux/squashfs-root or /home/samiux/test using the sudo command. However, make sure that you have completed up to Step 4 first.

Step 7 :

ssh 192.168.1.100 -lroot

Any upgrade/update from the Pineapple will brick your TL-MR3020, so you need to disable it.

Enter "root" as the username and your very STRONG root password as the password.

The SSID is "OpenWrt".

Step 9 (Connectivity) :

The following is one way to use the Pineapple (TL-MR3020), by tethering :

Connect your laptop to the internet via wireless or 3G.

Set the Wired Connection in Ubuntu's Network Manager to :

Uncheck "Connect Automatically" for the wired connection in Ubuntu's Network Manager.

Then connect the Pineapple and your laptop with a CAT5/5e/6 cable.

On the laptop, download the script.

wget http://wifipineapple.com/wp4.sh
chmod +x wp4.sh
sudo ./wp4.sh

The source code of wp4.sh :

Now your computer (laptop) can access the internet and can also access the TL-MR3020. Victims can also access the internet when they are connected to your Pineapple.

When you want to reset what wp4.sh set, run the following script, which I created.

sudo ./killwp4.sh

Step 10 (Optional) :

The following is one way to use the Pineapple (TL-MR3020) with a router or the like :

Change the content of the file "/etc/config/network" to the following :

If the IP address range of your router (such as a mobile phone with a tethering function) is 192.168.1.x, you can change the IP address of the TL-MR3020 to 192.168.1.10 and set the gateway to the gateway of your router (such as the mobile phone) :

There are TWO important things you should NOT do; otherwise, you will brick the TL-MR3020. They are :

First - Do NOT upgrade the OpenWrt;
Second - Do NOT upgrade the Pineapple in the normal way.

Known Issue

After several days of struggling to set up the TP-Link TL-MR3020 Pineapple, I tried to test the Karma function. However, I have some problems with it.

For Karma, I expected that the rogue access point made by Karma would accept all connections from nearby victim devices when they turn on their wifi and look for their desired networks. However, my TP-Link MR3020 does not work as I expected.

How does it not work?

I have a WPA2 CCMP encrypted access point and its SSID is HelloWorld. My DIY Pineapple's Karma SSID is OpenWrt without any encryption (open).

When I create a new network "OpenWrt" on my Android phone, my phone does not connect to OpenWrt but connects to HelloWorld instead, as I connected to it before.

Secondly, I need to connect to OpenWrt manually. I disabled the wifi function on my phone and then enabled it again. My phone will connect to OpenWrt automatically even though I have connected to HelloWorld before.

Thirdly, even when HelloWorld is turned off, my phone cannot connect to OpenWrt automatically if it has not connected to it before.

My questions are :

(1) How can the Karma on my DIY Pineapple pick up all the connections from nearby victim devices even if they do not connect to my Pineapple SSID manually?

(2) Do I misunderstand the function or feature of Karma? Or is it only that my DIY Pineapple is not working properly?
